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IN ITfE-tTNITED STATES PATENT AND TRADEMARK OFFICE 
BEFORE THE BOARD OF PATENT APPEALS AND INTERFERENCES 

In re. Patent Application of 

Hans S JOBLOM Group Art Unit: 3 62 1 

Application No. 09/4235 1 1 Examiner: Cheung, M. 

§37 1( c) date: 10 November 1999 

For: Method and Device for Performing Electronic Transactions 



Brief in Support of Appeal 



Real Party in Interest 

The subject application is owned by Comex Electronics AB of Taby, Sweden. 
Related Appeals and Interferences 

To the knowledge of the appellant, the assignee or his agent, no other appeal or 
interference will directly affect or be directly affected by or have a bearing on 
the Board's decision in the pending appeal. 



Status of Claims 

On 22 October 2004, appealed from the decision dated 22 March 2004 of the % 
examiner finally rejecting Claims 1-29, Claims 3 and 4 having been cancelled?: 

cu 

Claims 1,3, 6-13, 15, 17-19 having been amended and Claims 27-29 having £ 

**»* 

been added during prosecution. % 

o 

-»— I 

I — I 

ca 
cc 

Status of Amendments S 



cu cu 



Subsequent to the final rejection of 22 March 2004, the appellant filed an 
amendment to Claim 1 specifying that the electronic transactions are performed 
"via a communications network". Also Claims 4 and 5 were deleted as being 
redundant. In the Advisory Action of 22 September 2004, it was indicated that 
these amendments were entered, but without further comment than that "the 
arguments are not persuasive". 

Summary of the Invention 

Claim 1-20 and 27-29 in force relate to a method for performing electronic 
transactions via a communications network using a smart card. Claims 21 and 
22 relate to a smart card for carrying out electronic transactions. Claims 23-25 
relate to a combination of a smart card and a user-controlled communication 
unit. Claim 26 relates to the use of a smart card. 

In order to preserve absolute, physical, integrity when formulating the encrypted 
transaction message to be sent, creates, using software previously stored in the 
smart card, the transaction message in the smart card, independently of any 
connection to a communications network and without computer dialogue, before 
digitally signing it in the smart card. The central concept of the invention is the 
elimination of any possibility that any second of third party or their computer 
will compromise the integrity of the transaction message at any time during the 
process of its being created and electronically signed and sealed by the sender, 
see pages 2-8 , and in particular page 5, last paragraph and page 6 first 
paragraph. 

Issues 

Against Claims 1-9, 11-13, 15-18, 21-23 and 25-29 in this application, US 
Patent 6 038 55 1 {Barlow et al) has been cited under § 102 in the final rejection 
of 22 march 2004. Under § 103 Claim 14 was rejected citing Barlow et al and 



Claims 10 5 19-20 and 24 were rejected over Barlow et ah in view of Heinonen et 
ah (US 5,887,266). 

The Examiner's Rationale 

The Examiner's reasoning in rejection of the claims citing Barlow et al is inter 
alia that: Barlow et al does in fact teach the creation of a transaction message on 
the basis of entered transaction information in the smart card with the aid of 
software previously stored in the smart card. Barlow teaches this matter, in 
particular at column 14 lines 62 - column 15 line 10; Barlow teaches a user 
selecting beverage which corresponds to creating a transaction message, and the 
IC card are used for this beverage transaction which corresponds to the usage of 
the smart card as claimed, states the Examiner. 

The Examiner also takes up one feature of the claimed invention, namely lack of 
interaction with a communications network during the creation of the message. 
The Examiner states that "the vending machine purchase in Barlow's teaching 
(column 14 lines 62 — column 15 line 10) corresponds to this limitation because 
Barlow explicitly states "the vending machine is an example of an offline 
computer". 

Argument 

Barlow et ah describes a user-configurable smartcard, which can be used in a 
plurality of different systems. Of those systems discussed in Barlow et ah , three 
of them [a. ATM cash withdrawal (col. 14, lines 42-58), b. vending machine 
purchases (col. 14, line 62 — col. 15, line 10) and c. on-line shopping (col. 15 
and 16)] can be characterized as financial transaction systems. 



a. ATM cash withdrawal (col. 14, lines 42-58). This example in Barlow 
et ah illustrates how a financial transaction is effected using a smart 
card and an automatic teller machine. Lines 48-52 read: "Next, the IC 
card and the banking application running on the ATM exchange 
authentication information. The banking application then conducts a 
financial transaction through the API to the IC card." It is submitted 
that this describes prior art methods where there is back-and-forth 
interaction between the sender and the receiver [the bank's computer] 
during the creation of the transaction method and prior to its being 
electronically signed by the sender. Typically, conducting a financial 
transaction through the API [ Application Program Interface] to the IC 
card involves back and forth communication with a computer outside 
the sender's complete control. This is illustrated by the flow chart 
shown in Figs. 7-10 of Barlow et ah where steps 158-162, steps 170- 
174 and steps 180-186 all involve back and forth interaction with a 
second or third party computer during the creation of the signed 
transaction message. This is contrary to the concept of the invention as 
defined in the pending main claim. 

b. Vending machine purchases (col. 14, line 62 - col. 15, line 10). The 
cited passage in Barlow et ah refers to a known cash card which has a 
chip "loaded" with a certain amount of money. During use in a 
vending machine, the vending machine is able to interact with the chip 
and electronically deduct a certain payment amount from the chip on 
the cash card leaving the remaining amount in the chip for future 
purchases until completely used up and/or reloaded with money. 
There are significant difference between this known technology and 
the method for performing electronic transactions as disclosed in 
Claim 1 . The present invention creates a "transaction message" "in the 
smart card with the aid of software previously stored in the smart 



card". Also the created transaction message is provided with the 
senders "digital signature while using his own private key for 
subsequent output and transmission of the transaction message." While 
it is true that the above described use according to Barlow et ah of a 
cash card in a vending machine completes a transaction off-line, no 
digitally signed transaction message is produced and transmitted. Only 
an electronic deduction is made in the chip on the card by a 
mechanism in the vending machine. No message is ever digitally 
signed and transmitted in the vending machine example from Barlow 
et ah cited against Claim 1 . Digitally signing and transmitting a 
message is the very purpose of the present invention, that is to say 
creating and digitally signing a complete coded transaction message in 
the card without any possibility whatsoever of so-called hacking, and 
then transmitting the message to a receiver via a communications 
network. 

c. On-line shopping (col. 15 and 16). The entire described purchase 
process involves continual back-and-forth exchange of information: 
"Authentication information is exchanged between the IC card and 
shopping application for mutual verification." (col. 15, lines 27-28) ; 
"... mutually authenticated each other through the exchange of 
certificates. When the user is ready to place an order, the user and 
merchant computers will first exchange certificates." (col. 16, lines 13- 
16); "The user's computer and the merchant's computing unit then 
exchange the certificates over the public network (step 158). Upon 
receipt of the merchant's certificate, the commerce application submits 
the merchant's certificate through the card management and 
cryptography API 36 to the IC card 14 (step 160). the card processor 
50 examines the signature on the certificate to verify that it belongs to 
the certifying authority in this context (step 162). If the certificate is 



valid , the merchant identifying information can be checked and the 
public keys used to authenticate the merchant using a 
challengeresponse protocol. " 

All of the examples in Barlow et ah, involve interaction, before completion of 
the digitally signed message, with entities outside the sender's control, in 
particular in this case entities outside the actual smart card itself. Nowhere in 
Barlow et ah is there any indication of the concept of the present invention. 
All that Barlow et ah reveals is the previously known interacting technology 
which opens the possibility of hacking, intrusion and errors during the 
compiling and digital signing of the transaction message. It is submitted that 
the independent claims 1,21 and 23 are new and non-obvious over Barlow et 
ah 

US Patent 6 038 55 1 to Heinonen et al . cited in combination with Barlow et 
ah against Claims 10, 19-20 and 24 which are dependent claims, which in 
combination with an allowable independent claim do not need to exhibit 
novelty and non-obviousness in themselves. Nonetheless, Heinonen et ah 
only discloses the use of a mobile phone in a financial transaction conducted 
in the standard previously known manner, i.e. with back and forth interaction 
with an outside party during the formulation of the transaction message, i.e. 
offering a physical possibility of interference, reducing the sender's absolute 
confidence in the integrity of the transaction message, which is the purpose of 
the present invention. It is therefore maintained that all of the claims are 
allowable even over Barlow et ah in view of Heinonen et ah 

Appendix 

A copy of the pending claims is appended herewith. 
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CLAIMS 

1. (Currently amended) A method for performing electronic transactions via a com- 
munications network, in which a sender of transaction messages is assigned a smart 

5 card with an associated unique identity and a private key stored in the card in a pro- 
tected manner, and in which an associated public key is kept generally available, c h 
aracterisedin that in connection with an electronic transaction under the 
sender's own control, preferably through his own input of message information, the 
sender, independently of any connection to a communications network and without 

10 computer dialogue with a receiver, creates, on the basis of entered transaction in- 
formation, a transaction message, which contains information necessary for the 
transaction, the transaction message being created in the smart card with the aid of 
software previously stored in the smart card, and, in his smart card,' provides the 
created transaction message with his digital signature while using his own private 

15 key for subsequent output and transmission of the transaction message. 

2. (Original) A method as claimed in claim 1, characterised in that the 
transaction message contains information on sender, receiver, amount and pref- 
erably a transaction serial number. 

20 

3. (Previously amended) A method as claimed in claim 1 characterised in 
that the transaction message is created off-line, i.e. not connected to the communi- 
cations network that is used for the subsequent transmission of the transaction 
message. 

25 

4. (Deleted) A m e thod as claimed in claim 3, characterised in that the trans - 
action message is created off lino. 

5. (Deleted) A method as claimed in claim 1, characterised in that the trans 
30 action message is created in the smart card . 

6. (Previously amended) A method as claimed in claim 5, characterised in 
that the transaction message is created with the aid of sender information inserted 
in the card in advance. 

35 

7. (Previously amended) A method as claimed in claim 5,characterisedin 
that information required for the transaction message is input with the aid of 




input means arranged on the smart card, the card preferably being a so-called 
advanced smart card. 

8. (Previously amended) A method as claimed in claim ^characterised in 
5 that information necessary for the transaction message is input with the aid of a 

protected card terminal. 

9. (Previously amended) A method as claimed in claim 1, characterised in 
that information necessary for the transaction message is input with the aid of a 

10 separate card communication unit, the latter preferably also being a card activa- 
tor. 

10. (Previously amended) A method as claimed in claim 1, characterised in 
that information necessary for the transaction message is input with the aid of a tele- 

15 communications unit controlled by the smart card, especially a mobile telecommu- 
nications unit such as a mobile phone. 

1 1 . (Previously amended) A method as claimed in claim ^characterised in 
that the transaction message contains sender information in the form of at least one 

20 of the following pieces of information: a card number, a cash card number, a charge 
card number, a credit card number, an account number, an invoice number and an 
ID number. 

12. (Previously amended) A method as claimed in claim 1, characterised in 
25 that the transaction message contains receiver information in the form of at least one 

of the following pieces of information: a card number, a cash card number, a charge 
card number, a credit card number, an account number, an invoice number and an 
ID number. 

30 13. (Previously amended) A method as claimed in claim 1, characterised in 
that the signed transaction message is sent to a card or account administrator regard- 
ing the sender or receiver, that the digital signature of the transaction message is au- 
thenticated by using the public key, which is assigned to the one who is identified as 
sender by the transmitted transaction message, and that in case of authenticity, the 

35 receiver is credited with the transaction amount by a clearing process. 

14. (Original) A method as claimed in claim 13, charac- 
ter i s e d in that the signed transaction message is 



A 



first sent to the receiver, who optionally after his own checking of the digital signa- 
ture of the message forwards the signed transaction message to said card or account 
administrator. 

5 15. (Previously amended) A method as claimed in claim 1, characterised in 
that the signed transaction message is encrypted by using a public key belonging to 
the addressee, to whom the transaction message is sent, that the encrypted, signed 
transaction message is sent to the addressee, that the addressee by using his private 
key decrypts the signed transaction message, that the digital signature of the transac- 
10 tion message is authenticated by using the public key which is assigned to the one 
who is identified as sender by the transmitted transaction message, and that the re- 
ceiver, in case of authenticity, is credited with the transaction amount by a clearing 
process. 

15 16. (Original) A method as claimed in claim 15, charac- 
ter i s e d in that the addressee is the receiver, that the receiver, after decryption, 
sends the signed transaction message to a card or account administrator, whereupon 
said authentication takes place. 

20 17. (Previously amended) A method as claimed in claim 1, characterised in 
that the signed transaction message is encrypted by using the sender's public key and 
is provided with sender information and is then sent to a card or account administra- 
tor, who has the sender's private key and who preferably has issued the user's smart 
card, that said administrator decrypts the received encrypted message by using said 

25 private key, that authentication of the digital signature of the decrypted transaction 
message takes place by using the public key, which is assigned to the one who is 
identified as sender by the transmitted transaction message, and that the receiver, in 
case of authenticity, is credited with the transaction amount by a clearing process. 

30 18. (Previously amended) A method as claimed in claim 1, characterised 
in that the signed transaction message is sent non-encrypted, especially via a pub- 
lic communications network, such as the Internet or a telecommunications net- 
work. 

35 19. (Previously amended) A method as claimed in claim 1, characterised, in 
that the signed transaction message is sent by e-mail. 

20.(Original) A method as claimed in any one of claims 1-18, 



characterised in that the signed transaction message is sent via a mobile tele- 
phone network, especially by using a so-called SMS service. 

21. (Original) A smart card for carrying out electronic transactions, comprising 

5 means for storing card identification information, means for protected storing of a 
private key, means for storing an asymmetrical algorithm, means for input of trans- 
action information into the card, processor means for creating in the card a transac- 
tion message based on input transaction information, such as information on amount 
and receiver, and optionally information stored in the card, such as information on 
10 sender and preferably a serial number, and for providing the transaction message 

with a digital signature on the basis of said private key and said asymmetrical algo- 
rithm, and means for output of the signed transaction message. 

22. (Previously amended) A card as claimed in claim 21, characterised in 
1 5 that the card is of a so-called advanced type. 

23. (Original) A combination of a smart card and a user-controlled communication 
unit, which is arranged for communication with the smart card and with which the 
card is adapted to be combined with a view to producing an electronic transaction 

20 message, the card comprising means for protected storing of a private key, means 
for storing an asymmetrical algorithm and processor means for providing a created 
transaction message with a digital signature based on said private key and said al- 
gorithm, and said communication unit comprising means for input of transaction 
information, and means being arranged in the communication unit and/or in the 

25 card for creating said transaction message. 

24. (Original) A combination as claimed in claim 23, c h a r a c 

t e r i s e d in that the communication unit is a mobile telecommunication device. 

30 25. (Original) A combination as claimed in claim 23, characterised in that 
the communication unit is a combined card activator and information input- 
ter/processor. 

26.(Original) Use of a smart card with a private key stored therein for providing, in- 
35 dependently of the communications network, an electronic transaction message pro- 
vided with a digital signature based on the private key. 



27. (Previously added) A method as claimed in claim 2, characterised in that 
the transaction message is created off-line, i.e. not connected to the communications 
network that is issued for the subsequent transmission of the transaction message. 

5 2 8. (Previously added) A method as claimed in claim 6, characterised in that 
information required for the transaction message is input with the aid of input means 
arranged on the smart card, the card preferably being a so-called advanced smart 
card. 

10 29.(Previously added) A method as claimed in claim 27, characterised in that 
the transaction message is created off-line. 



